Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6A672E73B for ; Wed, 23 Jan 2013 14:44:40 +0000 (UTC) Received: (qmail 60937 invoked by uid 500); 23 Jan 2013 14:44:39 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 60351 invoked by uid 500); 23 Jan 2013 14:44:35 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 60314 invoked by uid 99); 23 Jan 2013 14:44:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jan 2013 14:44:34 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: 147.91.1.120 is neither permitted nor denied by domain of ognjen.d.blagojevic@gmail.com) Received: from [147.91.1.120] (HELO afrodita.rcub.bg.ac.rs) (147.91.1.120) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jan 2013 14:44:26 +0000 Received: from [147.91.4.66] (ognjen-pc.rcub.bg.ac.rs [147.91.4.66]) by afrodita.rcub.bg.ac.rs (Postfix) with ESMTP id 324B6191A85F for ; Wed, 23 Jan 2013 15:43:56 +0100 (CET) Message-ID: <50FFF72B.8000606@gmail.com> Date: Wed, 23 Jan 2013 15:43:55 +0100 From: Ognjen Blagojevic User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: Disable TLS compression in JSSE References: <50F5E3A0.2090004@christopherschultz.net> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-RCUB-MailScanner-Information: Please contact the ISP for more information X-RCUB-MailScanner-ID: 324B6191A85F.A5D4D X-RCUB-MailScanner: Found to be clean X-RCUB-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-2.599, required 6, autolearn=not spam, BAYES_00 -2.60) X-Virus-Checked: Checked by ClamAV on apache.org On 23.1.2013 2:13, Tim Whittington wrote: > As far as I know, JSSE doesn't support compression. > [1] claims this, but doesn't have a reference, and I can't find > anything else useful on the internet, although i recall an analysis of > the CRIME attack that claimed the same thing. I tested couple of my Tomcat installations, each of them uses JSSE, with this tool: https://www.ssllabs.com/ssltest/analyze.html I came to the same conclusion, JSSE probably doesn't support compression at all (or, at least, out-of-the-box). -Ognjen --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org